Skip to content

Latest commit

 

History

History
86 lines (60 loc) · 2.81 KB

README.md

File metadata and controls

86 lines (60 loc) · 2.81 KB

nginx_modsec3_crs role

Ansible role for Installing Nginx, compiling ModSecurity3, and installing the OWASP CRS v3 ruleset

Forked from @perryk's ansible-role-nginx-modsec3-crs3

There are a number of libraries and packages which ModSecurity3 depends on and will be installed via this role.

This role will additionally install any compilers and other build tools required for compilation. It will then remove these tools if they were not previously installed.

Nginx support is primarily provided by the dependent role ansible-role-nginx by jdauphant.

https://github.com/jdauphant/ansible-role-nginx

⚠️ jdauphant's nginx role is no longer mantained.

Requirements

Before running a playbook which calls this role:

Install any required Ansible roles from requirements.yml View here.

ansible-galaxy install -r requirements.yml

i.e this in the requirements.yml file for your project's playbook (not the requirements.yml file for this role) you will need to include both this role and the role mentioned above like this:

- src: coopdevs.nginx_modsec3_crs

- src: jdauphant.nginx
  version: v2.21.2

Role Variables

Browse the role's defaults/main.yml and vars/main.yml files to see if there is anything you would like to change or need to override by setting in your playbook.

Specific-role vars are explained below, with their default value set.

# Enables the modsecurity compilation, installation and configuration if it is not installed
nginx_modsec3_enabled: True
 # Set the ruleset version
nginx_modsec3_crs_version: v3.4/dev
# Force modsecurity recompile despite it is already installed
nginx_modsec3_crs3_force_compile: True
# Enable the block mode (if False, then "Detection Only" mode is set)
nginx_modsec3_crs3_block_mode: True

There are lots of variables more in the nginx role, perhaps the best explanation of these are all the examples in the role README.md file.

Example Playbook

Example playbook calling the role adding and enabling ModSecurity for the default Nginx site.

- hosts: servers

  vars:
    nginx_modsec3_enabled: True
    nginx_modsec3_crs_version: v4.0/dev
    nginx_pkgs:
      - nginx
    nginx_module_configs:
      - ngx_http_modsecurity_module
    nginx_sites:
      default:
       - |
         ...
         modsecurity on;
         modsecurity_rules_file /etc/nginx/modsec/main.conf;
         ...
  roles:
    - coopdevs.nginx_modsec3_crs

License

GPL-3.0-or-later

Author Information

Perry Kollmorgen - https://github.com/perryk
Coopdevs - https://github.com/coopdevs